Ethereal-users: Re: [Ethereal-users] Rogue AP Detection & Bad URL

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Jon Baer" <ethereal@xxxxxxxxxxx>
Date: Wed, 16 Jul 2003 15:10:12 -0700
there are a few factors to consider in doing rogue ap detection to begin
with ...

first, ethereal is a tool built upon a networking capture library
(libpcap/winpcap) but depending on the drivers for your interface you need
to put it into RF/monitor mode to capture wireless packets to begin with.  at
the moment only patched linux drivers offer this type of operation ...

the other thing is that (correct me if i'm wrong) ethereal does not do
any detection, the person using ethereal might do the detection ...

if you are looking for an app to do detection and you want to detect rogue
access points then i'd point you to here:

http://ingsoc.net/snort-wireless/

so my question in turn is if you could get "alerts" when loading up a
capture in ethereal?  this would be a nice feature request:  a plugin to
filter through say snort rulesets that alert you when loading the file
through ethereal.

- jon

pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47


----- Original Message ----- 
From: "Guy Harris" <guy@xxxxxxxxxxxx>
To: "Colburn" <kd4e@xxxxxxxx>
Cc: <ethereal-users@xxxxxxxxxxxx>
Sent: Wednesday, July 16, 2003 1:10 PM
Subject: Re: [Ethereal-users] Rogue AP Detection & Bad URL


>
> On Wednesday, July 16, 2003, at 1:03 PM, Colburn wrote:
>
> > They state in their chart (excerpt below) that Ethereal does not handle
> > "Rogue AP detection."  Is this correct?
>
> Yes.
>
> > Will this feature be added some time soon?
>
> Only if somebody contributes code to implement it soon.  Ethereal
> doesn't currently have a lot of the "expert" mechanisms that some other
> network analyzers do; much of that analysis would have to be done by
> hand by somebody looking at the capture, or by a script (Perl, Python,
> Ruby, shell, whatever) that processes, for example, the output of
> Tethereal (I don't know of any that do rogue AP detection).
>
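
The kind of script the quoted reply describes, as an added example that is not part of the original thread and not Ethereal code: it checks beacon records exported from a capture against an inventory of authorized APs. The tab-separated input shape (BSSID, SSID, channel), the inventory and every sample value are constructed assumptions; real Tethereal output would have to be mapped into this shape first.

```python
"""Flag possible rogue APs from beacon records exported from a capture.

Assumed input (constructed, not real Tethereal output): one beacon per
line as BSSID <tab> SSID <tab> channel.
"""

# Hypothetical inventory of authorized APs: BSSID -> (SSID, channel).
AUTHORIZED = {
    "00:11:22:33:44:01": ("corp-wlan", 1),
    "00:11:22:33:44:02": ("corp-wlan", 6),
}
CORP_SSIDS = {ssid for ssid, _ in AUTHORIZED.values()}

# Constructed sample beacons, including one truncated record.
SAMPLE = (
    "00:11:22:33:44:01\tcorp-wlan\t1\n"
    "00:11:22:33:44:02\tcorp-wlan\t11\n"
    "02:AA:BB:CC:DD:EE\tcorp-wlan\t6\n"
    "02:aa:bb:cc:dd:ff\tcoffee-shop\t3\n"
    "truncated-line\n"
)


def find_rogues(text):
    """Return sorted, de-duplicated (bssid, ssid, channel, reason) findings."""
    findings = set()
    for line in text.splitlines():
        row = line.split("\t")
        if len(row) != 3 or not row[2].strip().isdigit():
            continue  # skip malformed or truncated records
        bssid, ssid, channel = row[0].strip().lower(), row[1], int(row[2])
        known = AUTHORIZED.get(bssid)
        if known is None:
            # Unknown radio: the worst case is one advertising our own SSID.
            reason = ("unknown BSSID using corporate SSID"
                      if ssid in CORP_SSIDS else "unknown BSSID")
        elif known != (ssid, channel):
            # Known BSSID with unexpected settings: possible spoofed MAC.
            reason = "authorized BSSID with unexpected SSID/channel"
        else:
            continue  # matches the inventory exactly
        findings.add((bssid, ssid, channel, reason))
    return sorted(findings)


if __name__ == "__main__":
    for finding in find_rogues(SAMPLE):
        print("%s  ssid=%r  ch=%d  %s" % finding)
```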